Computer Security: Principles and Practice (Hardcover)

by William Stallings (Author), Lawrie Brown (Author)

Editorial Reviews

Product Description
For courses in Computer/Network Security. In recent years, the need for education in computer security and related topics has grown dramatically -- and is essential for anyone studying Computer Science or Computer Engineering. This is the only text available to provide integrated, comprehensive, up-to-date coverage of the broad range of topics in this subject. In addition to an extensive pedagogical program, the book provides unparalleled support for both research and modeling projects, giving students a broader perspective. The Text and Academic Authors Association have named Computer Security: Principles and Practice the winner of the Textbook Excellence Award for the best Computer Science textbook of 2008. Visit Stallings Companion Website at http://williamstallings.com/CompSec/CompSec1e.html for student and instructor resources and his Computer Science Student Resource site http://williamstallings.com/StudentSupport.html Password protected instructor resources can be accessed here by clicking on the Resources Tab to view downloadable files. (Registration required) Supplements Include: *Power Point Lecture Slides*Instructor's Manual*Author maintained website .

From the Back Cover

Computer Security: Principles and Practice

William Stallings and Lawrie Brown

 

A thorough, up-to-date survey of the entire discipline of computer security.

 

Security experts William Stallings and Lawrie Brown provide a comprehensive survey of computer security threats, technical approaches to the detection and prevention of security attacks, software security issues, and management issues.

 

Throughout, the authors focus on core principles, showing how they unify the field of computer securuity and demonstrating their applications in real-world systems and networks. They examine alternate design approaches to meeting security requirements and illuminate the standards that are central to today's security solutions.

 

Ideal for both academic and professional audiences, Computer Security offers exceptional clarity, careful organization, and extensive pedagogical support - including hundreds of carefully crafted practice problems.

 

COVERAGE

• Security technologies and principles, including cryptography, authentication, and access control
• Threats and countermeasures, from detecting intruders to countering DOS attacks
• Trusted computing and multilevel security
• Secure software: avoiding buffer overflows, malicious input, and other weaknesses
• Linux and Windows security models
• Managing security: physical security, training, audits, policies, and more
• Computer crime, intellectual property, privacy, and ethics
• Cryptographic algorithms, including public-key cryptography
• Internet security: SSL, TLS, IP security, S/MIME, Kerberos, X.509, and federatetd identity management

KEY FEATURES

• Strong coverage of unifying principles and design techniques
• Dozens of figures and tables that clarify key concepts
• Field-tested homework problems
• Extensive Web support at WilliamStallings.com/CompSec/CompSec1e.html
• Keyword/acronym lists, recommended readings, and glossary

About the Authors

 

William Stallings has won the Best Computer Science and Engineering Textbook award seven times. His Prentice Hall books include Operating Systems; Cryptography and Network Security; and Data and Computer Communications. Stallings consults widely with technology providers, customers, and researchers. He holds a Ph.D. in Computer Science from MIT. Dr. Lawrie Brown is Seniot Lecturer at the School of Information Technology and Electrical Engineering at the University of New South Wales at the Australian Defence Force Academy, Canberra, Australia.

 

Comprehensive Web support at WilliamStallings.com

See all Editorial Reviews

Product Details

• Hardcover: 880 pages
• Publisher: Prentice Hall; 1 edition (August 12, 2007)
• Language: English
• ISBN-10: 0136004245
• ISBN-13: 978-0136004240
• Product Dimensions: 9.3 x 7.1 x 1.3 inches
• Shipping Weight: 2.9 pounds (View shipping rates and policies)
• Average Customer Review: 3.0 out of 5 stars See all reviews (3 customer reviews)
• Amazon.com Sales Rank: #35,092 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #18 in	Books > Computers & Internet > Web Development > Security & Encryption > Encryption
  #21 in	Books > Computers & Internet > Certification Central > Exams > Security+
  #34 in	Books > Computers & Internet > Business & Culture > Privacy

Customer Reviews

Most Helpful Customer Reviews

4 of 4 people found the following review helpful:

4.0 out of 5 stars minimal maths treatment, April 12, 2008

By	W Boudville (Terra, Sol 3) - See all my reviews (TOP 50 REVIEWER)    (REAL NAME)

Stallings and Brown directs the book at a computer professional, who might be a programmer or system administrator. The book deliberately minimises the mathematical aspects. Much of the topic consists of layers above sophisticated encryption algorithms. Alas, a detailed treatment of the latter often requires heavy math background. If you do desire such a treatment, I recommend Matt Bishop's Introduction to Computer Security. That book was deprecated by some reviewers, who found it too mathematical.

Anyway, back to Stallings and Brown. It does proffer good technical explanations of various malware. Like worms and viruses. And attack modes like Denial of Service, and Distributed Denial of Service. Important variants are also covered - reflector and amplifier attacks.

Countermeasures to malware then naturally enter the narrative. So you learn how a firewall functions. Plus how to set up a honeypot to attract spam, phishing and malware.

So far, the above might be regarded as external attacks on your system. Sometimes, worms or viruses might try to take advantage of weaknesses in installed programs. Hence, another section of the book is for those of you who write such programs. Explaining how to guard against buffer and stack overflows, for example. These 2 are perhaps the most common entry points for malware.

2 of 2 people found the following review helpful:

2.0 out of 5 stars Okay content but they need to hire a proof-reader, June 7, 2008

By	Rich (Troy, MI United States) - See all my reviews

The content is okay. I would prefer some more detail and less "fluff" that's been pulled from old papers about security. My main complaint about this book is the sheer number of misspellings and typos. For example, I've just read one section that says "see section E" for further detail. There isn't a section "E" -- contextually, you can determine quickly that they mean section "D". I feel like I'm reading someone's draft and not a final product.

Also, most modern books include either a self-testing CD or a web site where you can quiz yourself. If you're using this book for self-study (as opposed to being in a class), it's difficult to gauge how well you're retaining the information. This book does not include a CD. It does, however have a companion web site but I was unable to find a self-assessment tool on that website.

2 of 2 people found the following review helpful:

3.0 out of 5 stars High level book on computer security lacks sufficient detail, September 30, 2007

By	calvinnme "Texan refugee" (Fredericksburg, Va) - See all my reviews (TOP 10 REVIEWER)

The author of this book also wrote the widely used text "Cryptography and Network Security". I like that book well enough, but you have to use outside resources to understand what's going on in that book, and I would say that is even more true for this textbook. That is because the author is basically taking subjects discussed in the Cryptography and Network Security book and adding topics like management issues and security of specific operating systems - without getting specific enough that you could actually solve too many problems. To me the best parts of the book are the appendices. The information on number theory is quite good, as are the suggestions for projects and labs. Unfortunately, this book does not contain sufficient information to perform those projects and labs. The contents make a good starting point for the study of computer security, but if you are an instructor be prepared to use lots of supplemental material or your students are going to be left high and dry. Currently the table of contents is not shown, so I include it next. This book is just under 900 pages long, so its 24 chapters are covering their subject matter in under 40 pages each, which does not give much room for detail.

Chapter 1 Overview

PART ONE COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES
Chapter 2 Cryptographic Tools
Chapter 3 User Authentication
Chapter 4 Access Control
Chapter 5 Database Security
Chapter 6 Intrusion Detection
Appendix 6A:The Base-Rate Fallacy
Chapter 7 Malicious Software
Chapter 8 Denial of Service
Chapter 9 Firewalls and Intrusion Prevention Systems
Chapter 10 Trusted Computing and Multilevel Security

PART TWO SOFTWARE SECURITY
Chapter 11 Buffer Overflow
Chapter 12 Other Software Security Issues

PART THREE MANAGEMENT ISSUES
Chapter 13 Physical and Infrastructure Security
Chapter 14 Human Factors
Appendix 14A: Security Awareness Standard of Good Practice
Appendix 14B: Security Policy Standard of Good Practice
Chapter 15 Security Auditing
Chapter 16 IT Security Management and Risk Assessment
Chapter 17 IT Security Controls, Plans and Procedures
Chapter 18 Legal and Ethical Aspects
Appendix 18A: Information Privacy Standard of Good Practice

PART FOUR CRYPTOGRAPHIC ALGORITHMS
Chapter 19 Symmetric Encryption and Message Confidentiality
Chapter 20 Public-Key Cryptography and Message Authentication

PART FIVE INTERNET SECURITY
Chapter 21 Internet Security Protocols and Standards
Chapter 22 Internet Authentication Applications

PART SIX OPERATING SYSTEM SECURITY
Chapter 23 Linux Security
Chapter 24 Windows Security

APPENDICES
Appendix A Some Aspects of Number Theory
A.1 Prime and Relatively Prime Numbers
A.2 Modular Arithmetic
A.3 Fermat's and Euler's Theorems
Appendix B Random and Pseudorandom Number Generation
B.1 The Use of Random Numbers
B.2 Pseudorandom Number Generators (PRNGs)
B.3 True Random Number Generators
Appendix C Projects for Teaching Computer Security
C.1 Research Projects
C.2 Programming Projects
C.3 Laboratory Exercises
C.4 Writing Assignments
C.5 Reading/Report Assignments

ONLINE APPENDICES
Appendix D Standards and Standard-Setting Organizations
Appendix E TCP/IP Protocol Architecture
Appendix F Glossary